[Mongoose]

Wouldn't it be better to implement something that's much more immediately visible, though?  Here's a thought: create an e-mail account accessible by all the admins, and post a message on the registration page, to the effect of, "If your registration attempt is rejected as spam, please send an e-mail to the staff, and your account can be activated manually."

[Black Wolf]

Are supposed spambots informed of their rejection via some kind of automated email? If so, a link to a mibbit client in there might be more effective than a getting started sticky even.

[The E]

Isn't that exactly the kind of thing the Getting Started forum was made for ?

No. The Getting Started forum was not made to get around stupid forum bugs.

But the thing is that we know there are quite a few false positives, helping people out who were hit by them would be the nice thing to do, would it not?

[karajorma]

Oh I agree. But a solution at the source of the problem is better than one which might not be immediately obvious to a new user.

On that note, do we actually know that the spam system is actually keeping spammers at bay? It was put in before our current CAPITCHA system IIRC.

[Goober5000]

The warning message is being sent by the Stop Forum Spam plugin which Zacam applied.  It's based on community-reported blacklists, but every once in a while it snags someone innocent, so Zacam will go in and add an exception.

And yes, it most certainly is keeping spammers at bay.  Before it was installed, Zacam and I were fighting off over twenty bot registrations per day.

[Zacam]

And yes, it most certainly is keeping spammers at bay.  Before it was installed, Zacam and I were fighting off over two-hundred bot registrations per day.

Fixed that for you to reflect a more accurate count assessment. And dealing with it on a twice daily basis was exhausting.

[Goober5000]

Egad!  Either my memory is terrible, or I didn't know the tenth of it.

And I've transferred MatthTheGeek's write-up to the Getting Started forum.

[karajorma]

Yes but my point was that it was put in before the newer system. Is it still doing that? Is there any way to check?


This sort of thread is why I'm pissed off about this. We have no idea how big a problem this is because we don't know what percentage of people are getting turned off by false positives and simply not registering.

[Fury]

Should be fairly trivial to test, wouldn't it? Disable Stop Forum Spam for a while, if forums see influx of spammers, then the new captcha doesn't keep them away. If it does, then I wouldn't bother with Stop Forum Spam. Few spammers is better than few real people turned away.

[Hobbie]

Ah, feels nice to be able to make a first post. Thanks to Mobius and everyone else for your help in setting me up. Yeah, for those of us who haven't used IRC since the '90s, it frankly never occurred to me to try that. That new post in Getting Started will be helpful, though.

Should be fairly trivial to test, wouldn't it? Disable Stop Forum Spam for a while, if forums see influx of spammers, then the new captcha doesn't keep them away. If it does, then I wouldn't bother with Stop Forum Spam. Few spammers is better than few real people turned away.

During my registration woes I wasn't aware there was something besides the dual CAPTCHA that would be checking. Is there a possibility that the spam filter is doing blanket-level IP checks and comparing them against a big database somewhere? Admittedly I know nothing about the Stop Forum Spam service so I'm kinda just pitching ideas.

EDIT: It's probably worth pointing out that I tried registering from two entirely different IP addresses and had the same issue both times. Would the domain in the E-mail address flag it?

[General Battuta]

I've seen Gmail addresses from New York IPs blocked as spam.

[Fury]

Had one of these again. Was it ever confirmed whether HLP needs "Stop Forum Spam" after the current multi-frame gif captcha was put in place? Because I think it'd be worth the trouble to try, as HLP really can't afford turning away potential new community contributors.

Code: [Select]

16:35:08 *** mib_re33yk joined #hard-light [email protected]
16:35:46 <mib_re33yk>: Hi, I'm trying to register for the forum but it keeps giving me an error:
16:36:02 <mib_re33yk>: "The user [username] with Email [email] (IP [IP]) is a Spam, please contact forum administrator."
16:36:09 <mib_re33yk>: username/email/ip removed
16:36:17 <HerraTohtori>: Zacam?
16:36:25 <mib_re33yk>: I'd contact the forum administrator, but I have no idea who that is, and I can't exactly post the problem on the forums
16:36:39 <HerraTohtori>: you're in the right place
16:37:03 <HerraTohtori>: admins of HLP hang around here, if you don't find any here you can try #Freespace
16:37:09 <mib_re33yk>: thanks
16:37:19 <mib_re33yk>: it's past my bedtime already though, I might have to come back tomorrow
16:37:28 <HerraTohtori>: Zacam and Karajorma are admins that hang around in IRC. But sometimes they're AFK
16:37:35 <mib_re33yk>: I've been playing through WiH and apparently my pilot file is corrupted
16:37:43 <HerraTohtori>: ouch
16:37:45 <mib_re33yk>: malloc error which was supposed to have been fixed in a recent build
16:37:49 <HerraTohtori>: how far along were you?
16:37:50 <mib_re33yk>: http://www.hard-light.net/forums/index.php?topic=83354.0
16:37:56 <mib_re33yk>: Just finished Act 1
16:38:03 <mib_re33yk>: not really looking forward to replaying it
16:39:50 *** Darien joined #hard-light [email protected]
16:40:00 *** Darien left #hard-light [email protected]
16:40:55 *** Darien joined #hard-light [email protected]
16:41:32 <Darien>: Thanks HerraTohtori, I'll come back tomorrow and try for an admin
16:41:50 *** mib_re33yk quit (Quit: http://www.mibbit.com ajax IRC Client) [email protected]
16:45:09 <HerraTohtori>: Darien: cheers
16:45:20 *** Darien quit (Client Quit) [email protected]


[Goober5000]

Had one of these again. Was it ever confirmed whether HLP needs "Stop Forum Spam" after the current multi-frame gif captcha was put in place? Because I think it'd be worth the trouble to try, as HLP really can't afford turning away potential new community contributors.

Well, no.  In the strictest sense, HLP can afford to turn away new members (even though obviously we don't want to), but it can't afford to retain a security system that lets through 200 spambots per day.

Zacam is the one to pester if you really want to do a "trial by fire" to see if the multi-frame gif is sufficient -- but I wouldn't be surprised if he's not eager to try it.  You left before the spambot registrations really got bad -- I felt as though we were getting utterly flooded with bot registrations, and I only squashed a tenth of the ones that Zacam was handling.

[Zacam]

While I realize that any sort of Honeypot based solution such as StopForumSpam and/or Project HoneyPot API keys have a potential for false positives, especially in the cases of Dynamic IP addresses or ISP domain email addresses, the only thing I can do for controlling that is provision them with false positive information whenever possible, which I do.

And I'm not keen on seeing what sort of flood we would be hit with in terms of temporarily suspending either of those functions. While I do realize the abundant frustration caused by getting caught by a "false" positive, I'd rather lean on making it plainly clear that it can happen and how to get in touch with somebody (and what information to provide) so that we can work through each one as they happen.

The other alternative is what we were doing before, and we were still managing to ban-delete or reject valid registrations in a much higher count than that, including accidentally deleting people that had already managed posting genuine content.

That being said, I'm not the "end all be all" for the Community, so if there is a consensus that want's to have a peek at the world with the walls down, I can make it happen.

[Fury]

This really speaks for itself.

Code: [Select]

<Darien> is there an admin around?
<Darien> Zacam?
<Fury`> you may have better luck trying again in, what, 6 hours
<Fury`> karajorma isn't on any channels either
<Fury`> no wait, he is
<Fury`> send message to karajorma, maybe he's in
<Darien> cheers Fury`, but i might just give up on being able to register for the forums
<Darien> managed to fix my pilot file corruption problem anyway
«--- Darien ([email protected]) has Quit (Quit: Darien)


[karajorma]

Yeah, I wasn't in all day. I just noticed this on my IRC logs. If Darien is around I can still make him an account. I just need an email address.

[Zacam]

This really speaks for itself.

Know what else really speaks for itself? The current 43 pages of potential spam registrations accounts that attempted to register in the same time frame that didn't.

I'll revise some wording in some places to let genuine humans know what to do and how to send who what information is needed in order to address this.

***Edit: Registration attempt(s) found, user account created.

[Luke]

Hi all

Hi there, got another user having trouble registering:

"The user Luke with Email [email protected] (IP xxx.xxx.xxx.xxx) is a Spam, please contact forum administrator."

He's a guy that made some intersting stuff for Wing Commander Saga, some of which might be useful for the larger FS modding community.

After "only" 3 months, now i have my HLP account.  Thx to X3N0-Life-Form for the effort and to the admin whoever made it possible now.

Btw, visiting a IRC channel haven't helped me. I asked for help there and post the "The user Luke with Email [email protected] (IP xxx.xxx.xxx.xxx) is a Spam, please contact forum administrator." sentence and the only answer i got was "Stop being a spammer". Very funny, really, but not helpfully. 

Ah and another point: in Germany static IPs are very uncommon. The most private internet users have normally dynamic IPs and have this IP for maximum 24 hours (standard). So a anti-spam system based on IP's is nearly useless with users from germany.

Suggestion: a simple "contact us" feature at the website/forum can help a lot.

One question: there are two anti-spam-functions if i write a new post: captcha and the "word in sentence" feature. Is this now standard at every posting or only until i have x postings?

[The E]

It should vanish after a few posts.

Btw, visiting a IRC channel haven't helped me. I asked for help there and post the "The user Luke with Email [email protected] (IP xxx.xxx.xxx.xxx) is a Spam, please contact forum administrator." sentence and the only answer i got was "Stop being a spammer". Very funny, really, but not helpfully. 

On behalf of the chat, I have to apologize. Usually the people there are more helpful than that.

[karajorma]

Hey Luke, good to see you over here.